[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'ubuntu'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Sun Jul 1 20:08:15 UTC 2012
Makefile.am | 25
VERSION.sh | 4
configure.ac | 20
debian/389-ds-base.dirsrv.init | 2
debian/389-ds-base.postinst | 12
debian/389-ds-base.prerm | 13
debian/changelog | 119 -
debian/control | 11
debian/patches/format-security.diff | 114 -
debian/patches/series | 1
debian/rules | 2
debian/watch | 2
ldap/admin/src/logconv.pl | 224 +-
ldap/admin/src/scripts/DSCreate.pm.in | 15
ldap/admin/src/scripts/DSDialogs.pm | 2
ldap/admin/src/scripts/DSUtil.pm.in | 124 +
ldap/admin/src/scripts/dnaplugindepends.ldif | 3
ldap/admin/src/scripts/remove-ds.pl.in | 6
ldap/ldif/template-dnaplugin.ldif.in | 2
ldap/ldif/template-dse.ldif.in | 11
ldap/schema/01core389.ldif | 10
ldap/schema/10dna-plugin.ldif | 204 ++
ldap/schema/60pam-plugin.ldif | 3
ldap/schema/60qmail.ldif | 20
ldap/schema/60sabayon.ldif | 10
ldap/servers/plugins/acctpolicy/acct_plugin.c | 21
ldap/servers/plugins/acctpolicy/acct_util.c | 6
ldap/servers/plugins/acctpolicy/acctpolicy.h | 2
ldap/servers/plugins/acl/acl.c | 54
ldap/servers/plugins/acl/aclanom.c | 11
ldap/servers/plugins/acl/acllas.c | 2
ldap/servers/plugins/acl/acllist.c | 4
ldap/servers/plugins/acl/aclparse.c | 5
ldap/servers/plugins/acl/aclutil.c | 7
ldap/servers/plugins/automember/automember.c | 783 +++++++++
ldap/servers/plugins/chainingdb/cb_add.c | 2
ldap/servers/plugins/chainingdb/cb_compare.c | 2
ldap/servers/plugins/chainingdb/cb_config.c | 7
ldap/servers/plugins/chainingdb/cb_delete.c | 2
ldap/servers/plugins/chainingdb/cb_modify.c | 2
ldap/servers/plugins/chainingdb/cb_modrdn.c | 32
ldap/servers/plugins/chainingdb/cb_search.c | 4
ldap/servers/plugins/cos/cos.c | 52
ldap/servers/plugins/cos/cos_cache.c | 5
ldap/servers/plugins/deref/deref.c | 12
ldap/servers/plugins/dna/dna.c | 1163 +++++++++-----
ldap/servers/plugins/linkedattrs/fixup_task.c | 51
ldap/servers/plugins/linkedattrs/linked_attrs.c | 51
ldap/servers/plugins/linkedattrs/linked_attrs.h | 1
ldap/servers/plugins/memberof/memberof.c | 466 ++---
ldap/servers/plugins/memberof/memberof.h | 3
ldap/servers/plugins/memberof/memberof_config.c | 33
ldap/servers/plugins/mep/mep.c | 81 -
ldap/servers/plugins/pam_passthru/pam_passthru.h | 48
ldap/servers/plugins/pam_passthru/pam_ptconfig.c | 715 ++++++--
ldap/servers/plugins/pam_passthru/pam_ptimpl.c | 55
ldap/servers/plugins/pam_passthru/pam_ptpreop.c | 580 ++++++-
ldap/servers/plugins/referint/referint.c | 90 -
ldap/servers/plugins/replication/cl5_api.c | 138 +
ldap/servers/plugins/replication/cl5_api.h | 4
ldap/servers/plugins/replication/csnpl.c | 30
ldap/servers/plugins/replication/llist.c | 8
ldap/servers/plugins/replication/repl5.h | 33
ldap/servers/plugins/replication/repl5_agmt.c | 136 +
ldap/servers/plugins/replication/repl5_agmtlist.c | 13
ldap/servers/plugins/replication/repl5_connection.c | 26
ldap/servers/plugins/replication/repl5_inc_protocol.c | 1212 ++++++---------
ldap/servers/plugins/replication/repl5_init.c | 63
ldap/servers/plugins/replication/repl5_plugins.c | 15
ldap/servers/plugins/replication/repl5_protocol_util.c | 54
ldap/servers/plugins/replication/repl5_replica.c | 118 -
ldap/servers/plugins/replication/repl5_replica_config.c | 551 ++++++
ldap/servers/plugins/replication/repl5_ruv.c | 37
ldap/servers/plugins/replication/repl_extop.c | 372 ++++
ldap/servers/plugins/replication/repl_globals.c | 2
ldap/servers/plugins/replication/replutil.c | 5
ldap/servers/plugins/replication/urp.c | 123 -
ldap/servers/plugins/replication/urp.h | 10
ldap/servers/plugins/replication/urp_glue.c | 17
ldap/servers/plugins/replication/urp_tombstone.c | 14
ldap/servers/plugins/replication/windows_connection.c | 3
ldap/servers/plugins/replication/windows_private.c | 328 +++-
ldap/servers/plugins/replication/windows_protocol_util.c | 188 ++
ldap/servers/plugins/replication/windowsrepl.h | 35
ldap/servers/plugins/replication/winsync-plugin.h | 334 ++++
ldap/servers/plugins/retrocl/retrocl.c | 48
ldap/servers/plugins/retrocl/retrocl_po.c | 5
ldap/servers/plugins/roles/roles_plugin.c | 52
ldap/servers/plugins/rootdn_access/rootdn_access.c | 663 ++++++++
ldap/servers/plugins/rootdn_access/rootdn_access.h | 57
ldap/servers/plugins/schema_reload/schema_reload.c | 53
ldap/servers/plugins/statechange/statechange.c | 29
ldap/servers/plugins/uiduniq/7bit.c | 28
ldap/servers/plugins/uiduniq/plugin-utils.h | 6
ldap/servers/plugins/uiduniq/uid.c | 68
ldap/servers/plugins/uiduniq/utils.c | 29
ldap/servers/plugins/usn/usn.c | 197 +-
ldap/servers/plugins/usn/usn_cleanup.c | 13
ldap/servers/plugins/views/views.c | 9
ldap/servers/slapd/abandon.c | 11
ldap/servers/slapd/add.c | 87 -
ldap/servers/slapd/attr.c | 12
ldap/servers/slapd/auditlog.c | 24
ldap/servers/slapd/auth.c | 38
ldap/servers/slapd/back-ldbm/back-ldbm.h | 12
ldap/servers/slapd/back-ldbm/backentry.c | 4
ldap/servers/slapd/back-ldbm/cache.c | 63
ldap/servers/slapd/back-ldbm/dbhelp.c | 6
ldap/servers/slapd/back-ldbm/dblayer.c | 707 ++++++++
ldap/servers/slapd/back-ldbm/filterindex.c | 27
ldap/servers/slapd/back-ldbm/id2entry.c | 16
ldap/servers/slapd/back-ldbm/idl_new.c | 61
ldap/servers/slapd/back-ldbm/import-threads.c | 23
ldap/servers/slapd/back-ldbm/index.c | 132 +
ldap/servers/slapd/back-ldbm/ldbm_add.c | 198 +-
ldap/servers/slapd/back-ldbm/ldbm_bind.c | 5
ldap/servers/slapd/back-ldbm/ldbm_compare.c | 5
ldap/servers/slapd/back-ldbm/ldbm_config.c | 12
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 378 +++-
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 875 ++++++++--
ldap/servers/slapd/back-ldbm/ldbm_instance_config.c | 8
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 422 +++--
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 397 +++-
ldap/servers/slapd/back-ldbm/ldbm_search.c | 46
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 4
ldap/servers/slapd/back-ldbm/misc.c | 2
ldap/servers/slapd/back-ldbm/perfctrs.c | 2
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 3
ldap/servers/slapd/back-ldbm/seq.c | 3
ldap/servers/slapd/back-ldbm/start.c | 3
ldap/servers/slapd/back-ldbm/upgrade.c | 56
ldap/servers/slapd/back-ldbm/vlv.c | 7
ldap/servers/slapd/bind.c | 47
ldap/servers/slapd/charray.c | 5
ldap/servers/slapd/compare.c | 4
ldap/servers/slapd/config.c | 17
ldap/servers/slapd/configdse.c | 5
ldap/servers/slapd/connection.c | 10
ldap/servers/slapd/daemon.c | 541 ++++++
ldap/servers/slapd/delete.c | 5
ldap/servers/slapd/dse.c | 584 ++++---
ldap/servers/slapd/entry.c | 61
ldap/servers/slapd/entrywsi.c | 30
ldap/servers/slapd/ldaputil.c | 83 +
ldap/servers/slapd/libglobs.c | 341 +++-
ldap/servers/slapd/log.c | 67
ldap/servers/slapd/main.c | 3
ldap/servers/slapd/modify.c | 67
ldap/servers/slapd/modrdn.c | 28
ldap/servers/slapd/modutil.c | 65
ldap/servers/slapd/operation.c | 11
ldap/servers/slapd/opshared.c | 153 +
ldap/servers/slapd/pagedresults.c | 527 +++++-
ldap/servers/slapd/passwd_extop.c | 12
ldap/servers/slapd/pblock.c | 90 +
ldap/servers/slapd/plugin.c | 22
ldap/servers/slapd/plugin_acl.c | 5
ldap/servers/slapd/plugin_internal_op.c | 58
ldap/servers/slapd/proto-slap.h | 78
ldap/servers/slapd/psearch.c | 3
ldap/servers/slapd/pw.c | 73
ldap/servers/slapd/pw.h | 2
ldap/servers/slapd/pw_mgmt.c | 21
ldap/servers/slapd/pw_retry.c | 106 -
ldap/servers/slapd/regex.c | 28
ldap/servers/slapd/resourcelimit.c | 4
ldap/servers/slapd/result.c | 22
ldap/servers/slapd/sasl_map.c | 6
ldap/servers/slapd/saslbind.c | 14
ldap/servers/slapd/schema.c | 44
ldap/servers/slapd/search.c | 3
ldap/servers/slapd/slap.h | 59
ldap/servers/slapd/slapi-plugin.h | 40
ldap/servers/slapd/slapi-private.h | 2
ldap/servers/slapd/sort.c | 9
ldap/servers/slapd/thread_data.c | 174 ++
ldap/servers/slapd/tools/ldclt/ldapfct.c | 25
ldap/servers/slapd/tools/ldclt/ldclt.c | 2
ldap/servers/slapd/tools/rsearch/addthread.c | 26
ldap/servers/slapd/tools/rsearch/searchthread.c | 32
ldap/servers/snmp/main.c | 1
lib/base/pool.cpp | 10
m4/db.m4 | 6
183 files changed, 13361 insertions(+), 4356 deletions(-)
New commits:
commit c6feb75fa119d6bbe1047414910550cfa8c4c56d
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Jun 28 17:43:00 2012 +0300
Revert "Drop the error handler"
This reverts commit e835bb1a38114a8d5aa8a00d540dc7aebd05f2f6.
use what went in debian instead.
Conflicts:
debian/389-ds-base.dirsrv.init
debian/changelog
diff --git a/debian/389-ds-base.postinst b/debian/389-ds-base.postinst
index 7974427..6fe4ac8 100644
--- a/debian/389-ds-base.postinst
+++ b/debian/389-ds-base.postinst
@@ -25,4 +25,16 @@ if [ "$1" = configure ]; then
fi
fi
+invoke_failure() {
+ # invoke-rc.d failed, likely because no instance has been configured yet
+ # but exit with an error if an instance is configured and the invoke failed
+ INSTANCES=`ls -d /etc/dirsrv/slapd-* | grep -v removed`
+ if [ -z $INSTANCES ]; then
+ echo "... because no instance has been configured yet."
+ else
+ exit 1
+ fi
+}
+
+
#DEBHELPER#
diff --git a/debian/rules b/debian/rules
index 34bb91c..23dcb46 100755
--- a/debian/rules
+++ b/debian/rules
@@ -60,7 +60,7 @@ override_dh_install:
dh_install --fail-missing
override_dh_installinit:
- dh_installinit --name dirsrv -- defaults 15 85
+ dh_installinit --name dirsrv --error-handler=invoke_failure -- defaults 15 85
override_dh_strip:
dh_strip -p389-ds-base-libs --dbg-package=389-ds-base-libs-dbg
commit 2e0b92f17eb7d14af68ddcee1a9a0f889a114b45
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Jun 28 17:40:06 2012 +0300
control: Fix the binary depends to use libdb.
diff --git a/debian/changelog b/debian/changelog
index 995f9c9..229074a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+389-ds-base (1.2.11.7-2) UNRELEASED; urgency=low
+
+ * control: Fix the binary depends to use libdb.
+
+ -- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 28 Jun 2012 17:39:09 +0300
+
389-ds-base (1.2.11.7-1) unstable; urgency=low
[ Timo Aaltonen ]
diff --git a/debian/control b/debian/control
index 90b55d8..b671b8a 100644
--- a/debian/control
+++ b/debian/control
@@ -51,7 +51,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends},
libnss3-1d,
libsvrcore0,
libsnmp15,
- libdb4.8,
+ libdb,
Breaks: libdirsrv0
Replaces: libdirsrv0
Description: 389 Directory Server libraries -- runtime
@@ -88,7 +88,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends},
libnss3-1d,
libsvrcore0,
libsnmp15,
- libdb4.8,
+ libdb,
Breaks: libdirsrv-dev
Replaces: libdirsrv-dev
Description: 389 Directory Server libraries -- development files
@@ -109,7 +109,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends},
libnss3-1d,
libsvrcore0,
libsnmp15,
- libdb4.8,
+ libdb,
adduser,
libmozilla-ldap-perl,
libsasl2-modules-gssapi-mit,
commit 1d20295169c704b402113d4e028606f8d97ee1ab
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Jun 28 17:20:56 2012 +0300
add changelog entry for 1.2.10.4-0ubuntu4
diff --git a/debian/changelog b/debian/changelog
index 7437df9..382ee89 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -63,6 +63,15 @@
-- Krzysztof Klimonda <kklimonda at syntaxhighlighted.com> Tue, 27 Mar 2012 14:26:16 +0200
+389-ds-base (1.2.10.4-0ubuntu4) quantal; urgency=low
+
+ * Switch to db5.1:
+ - control: switch dependancies from libdb4.8[-dev] to libdb[-dev]
+ - Correct comparisons for >v4.4 for DB_ENV_SET_TAS_SPINS.
+ - Correct comparisons for >v4.4 for DB_LOCK_STAT.
+
+ -- Andy Whitcroft <apw at ubuntu.com> Fri, 15 Jun 2012 11:56:28 +0100
+
389-ds-base (1.2.10.4-0ubuntu3) precise; urgency=low
* postinst, init: Drop the error handler, and make it non-fatal if
commit 766327e3ed8e758aa7ad41b21e1d19cb240939c7
Author: Ghe Rivero <ghe at debian.org>
Date: Thu Jun 28 12:51:47 2012 +0200
Updated distribution to unstable
diff --git a/debian/changelog b/debian/changelog
index 4580ac5..995f9c9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-389-ds-base (1.2.11.7-1) UNRELEASED; urgency=low
+389-ds-base (1.2.11.7-1) unstable; urgency=low
[ Timo Aaltonen ]
* New upstream release.
commit a04b937c4cf20c066374c70e08da9150882028a0
Author: Ghe Rivero <ghe at debian.org>
Date: Thu Jun 28 09:01:16 2012 +0200
Added Krzysztof Klimonda to uploaders
diff --git a/debian/control b/debian/control
index 5c6bd4c..90b55d8 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,8 @@ Source: 389-ds-base
Section: net
Priority: optional
Maintainer: Debian 389ds Team <pkg-fedora-ds-maintainers at lists.alioth.debian.org>
-Uploaders: Timo Aaltonen <tjaalton at ubuntu.com>
+Uploaders: Timo Aaltonen <tjaalton at ubuntu.com>,
+ Krzysztof Klimonda <kklimonda at syntaxhighlighted.com>
Build-Depends: quilt, debhelper (>= 9), dpkg-dev (>= 1.13.19),
dh-autoreconf,
libnspr4-dev,
commit b437357f1b9c291f7b61d705ebcb75df2b2939d6
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Jun 28 09:14:23 2012 +0300
bump the version
diff --git a/debian/changelog b/debian/changelog
index bcf0fe5..4580ac5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-389-ds-base (1.2.11.6-1) UNRELEASED; urgency=low
+389-ds-base (1.2.11.7-1) UNRELEASED; urgency=low
[ Timo Aaltonen ]
* New upstream release.
commit a2d2d2441aa7bd06748a1ab3106cac7b8c67b9b2
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu Jun 28 09:13:26 2012 +0300
fix the watch file again
diff --git a/debian/watch b/debian/watch
index 01ece3e..2109aac 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,2 +1,2 @@
version=3
-http://directory.fedoraproject.org/sources/389-ds-base-(.*).tar.bz2
+http://directory.fedoraproject.org/wiki/Source .*/389-ds-base-(.*).tar.bz2
commit 5f01f68d087aaa0676fdc33a6b93f300e8a1ac61
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Jun 27 20:02:55 2012 +0300
wrap a line that's too long
diff --git a/debian/changelog b/debian/changelog
index e231aaf..bcf0fe5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -53,7 +53,8 @@
* control: Add 389-ds metapackage.
* control: Change libdb4.8-dev build-depends to libdb-dev, since this version
supports db5.x.
- * 389-ds-base.prerm: Add prerm script for removing installed instances on purge.
+ * 389-ds-base.prerm: Add prerm script for removing installed instances on
+ purge.
[ Krzysztof Klimonda ]
* dirsrv.init:
commit 477f3cdfbc1be838eec371b835b3d1da3da50e89
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Jun 27 20:02:04 2012 +0300
catch errors on the prerm scripts
diff --git a/debian/389-ds-base.prerm b/debian/389-ds-base.prerm
index 727e49f..8679d81 100644
--- a/debian/389-ds-base.prerm
+++ b/debian/389-ds-base.prerm
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/sh -e
#DEBHELPER#
commit 607abfe8df42963361e1cf4f2c85bfd18d1e2845
Author: Rich Megginson <rmeggins at redhat.com>
Date: Wed Jun 27 10:57:12 2012 -0600
bump version to 1.2.11.7
diff --git a/VERSION.sh b/VERSION.sh
index 87f74d8..50bfbe8 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=2
-VERSION_MAINT=11.6
+VERSION_MAINT=11.7
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 692eb1188dbda2c1234751985d7d9af8e16da648
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Jun 27 19:52:16 2012 +0300
drop path from prerm
diff --git a/debian/389-ds-base.prerm b/debian/389-ds-base.prerm
index b1e52c1..727e49f 100644
--- a/debian/389-ds-base.prerm
+++ b/debian/389-ds-base.prerm
@@ -4,7 +4,7 @@
if [ "$1" = "purge" ]; then
# remove all installed instances
- for FILE in `/bin/ls -d $CONFDIR/slapd-* 2>/dev/null | sed -n '/\.removed$/!$'`
+ for FILE in `ls -d $CONFDIR/slapd-* 2>/dev/null | sed -n '/\.removed$/!$'`
do
if [ -d "$FILE" ] ; then
remove-ds -f -i $FILE
commit d8d570286d81ee679f77b374618ecd8c273a44bc
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Jun 27 19:50:54 2012 +0300
389-ds-base.prerm: Add prerm script for removing installed instances on purge.
diff --git a/debian/389-ds-base.prerm b/debian/389-ds-base.prerm
new file mode 100644
index 0000000..b1e52c1
--- /dev/null
+++ b/debian/389-ds-base.prerm
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+#DEBHELPER#
+
+if [ "$1" = "purge" ]; then
+ # remove all installed instances
+ for FILE in `/bin/ls -d $CONFDIR/slapd-* 2>/dev/null | sed -n '/\.removed$/!$'`
+ do
+ if [ -d "$FILE" ] ; then
+ remove-ds -f -i $FILE
+ fi
+ done
+fi
diff --git a/debian/changelog b/debian/changelog
index 04f28cb..e231aaf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -53,6 +53,7 @@
* control: Add 389-ds metapackage.
* control: Change libdb4.8-dev build-depends to libdb-dev, since this version
supports db5.x.
+ * 389-ds-base.prerm: Add prerm script for removing installed instances on purge.
[ Krzysztof Klimonda ]
* dirsrv.init:
commit 39e345769ee43c521772a49c84e966a45a294f38
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Jun 27 19:45:33 2012 +0300
control: Change libdb4.8-dev build-depends to libdb-dev, since this version supports db5.x.
diff --git a/debian/changelog b/debian/changelog
index b6ed631..04f28cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -51,6 +51,8 @@
- Fix starting multiple instances
- Use '-b' for start-stop-daemon, since ns-slapd doesn't detach properly
* control: Add 389-ds metapackage.
+ * control: Change libdb4.8-dev build-depends to libdb-dev, since this version
+ supports db5.x.
[ Krzysztof Klimonda ]
* dirsrv.init:
diff --git a/debian/control b/debian/control
index 5d8d120..5c6bd4c 100644
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Build-Depends: quilt, debhelper (>= 9), dpkg-dev (>= 1.13.19),
libldap2-dev (>= 2.4.28),
libicu-dev,
libsnmp-dev,
- libdb4.8-dev,
+ libdb-dev,
zlib1g-dev,
libbz2-dev,
libssl-dev,
commit 4bf9444a082f25f289a973128c243583831cc848
Author: Rich Megginson <rmeggins at redhat.com>
Date: Wed Jun 27 10:32:38 2012 -0600
Ticket 378 - unhashed#user#password visible after changing password
declare is_type_forbidden in deref.c
diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
index d97dc0a..7c502df 100644
--- a/ldap/servers/plugins/deref/deref.c
+++ b/ldap/servers/plugins/deref/deref.c
@@ -46,6 +46,8 @@
#include "deref.h"
#include <nspr.h>
+int is_type_forbidden(const char *type); /* from proto-slap.h */
+
#ifndef DN_SYNTAX_OID
#define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12"
#endif
commit 537497ee86d5ea1d5d6347ddef3bdf0819654f49
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Jun 27 19:31:48 2012 +0300
drop format-security.diff, applied upstream
diff --git a/debian/changelog b/debian/changelog
index 06ec1f7..b6ed631 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,7 +19,6 @@
* Build against libldap2-dev (>= 2.4.28).
* Rename binary package to 389-ds-base.
* -dev.install: Install the pkgconfig file.
- * Add format-security.diff to fix FTBFS with current hardening flags.
* rules: Enable PIE hardening.
* Add a default file, currently sets LD_BIND_NOW=1.
* control: 'dbgen' uses old perl libs, add libperl4-corelibs-perl
diff --git a/debian/patches/format-security.diff b/debian/patches/format-security.diff
deleted file mode 100644
index 7d4833a..0000000
--- a/debian/patches/format-security.diff
+++ /dev/null
@@ -1,114 +0,0 @@
-Description: fix build errors with --format-security
-Forwarded: https://fedorahosted.org/389/ticket/285
-
-Index: 389-ds-base/ldap/servers/plugins/replication/repl5_ruv.c
-===================================================================
---- 389-ds-base.orig/ldap/servers/plugins/replication/repl5_ruv.c 2012-02-27 13:22:48.128678099 +0200
-+++ 389-ds-base/ldap/servers/plugins/replication/repl5_ruv.c 2012-02-27 13:22:50.900749285 +0200
-@@ -1364,7 +1364,7 @@
- }
- else
- {
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, buff);
-+ slapi_log_error(SLAPI_LOG_REPL, "%s", repl_plugin_name, buff);
- }
- for (replica = dl_get_first (ruv->elements, &cookie); replica;
- replica = dl_get_next (ruv->elements, &cookie))
-@@ -1389,7 +1389,7 @@
- }
- else
- {
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, buff);
-+ slapi_log_error(SLAPI_LOG_REPL, "%s", repl_plugin_name, buff);
- }
- }
-
-Index: 389-ds-base/ldap/servers/slapd/passwd_extop.c
-===================================================================
---- 389-ds-base.orig/ldap/servers/slapd/passwd_extop.c 2012-02-27 13:22:48.140678409 +0200
-+++ 389-ds-base/ldap/servers/slapd/passwd_extop.c 2012-02-27 13:22:50.900749285 +0200
-@@ -489,7 +489,7 @@
- errMesg = "Could not get OID value from request.\n";
- rc = LDAP_OPERATIONS_ERROR;
- slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop",
-- errMesg );
-+ "%s", errMesg );
- goto free_and_return;
- } else {
- slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop",
-@@ -515,7 +515,7 @@
- errMesg = "Could not get SASL SSF from connection\n";
- rc = LDAP_OPERATIONS_ERROR;
- slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop",
-- errMesg );
-+ "%s", errMesg );
- goto free_and_return;
- }
-
-@@ -523,7 +523,7 @@
- errMesg = "Could not get local SSF from connection\n";
- rc = LDAP_OPERATIONS_ERROR;
- slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop",
-- errMesg );
-+ "%s", errMesg );
- goto free_and_return;
- }
-
-@@ -846,7 +846,7 @@
- /* Free anything that we allocated above */
- free_and_return:
- slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop",
-- errMesg ? errMesg : "success" );
-+ "%s", errMesg ? errMesg : "success" );
-
- if ((rc == LDAP_REFERRAL) && (referrals)) {
- send_referrals_from_entry(pb, referrals);
-Index: 389-ds-base/lib/base/pool.cpp
-===================================================================
---- 389-ds-base.orig/lib/base/pool.cpp 2012-02-27 13:22:48.116677793 +0200
-+++ 389-ds-base/lib/base/pool.cpp 2012-02-27 13:22:50.900749285 +0200
-@@ -178,7 +178,7 @@
- crit_exit(freelist_lock);
- if (((newblock = (block_t *)PERM_MALLOC(sizeof(block_t))) == NULL) ||
- ((newblock->data = (char *)PERM_MALLOC(bytes)) == NULL)) {
-- ereport(LOG_CATASTROPHE, XP_GetAdminStr(DBT_poolCreateBlockOutOfMemory_));
-+ ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateBlockOutOfMemory_));
- if (newblock)
- PERM_FREE(newblock);
- return NULL;
-@@ -270,7 +270,7 @@
- }
-
- if ( (newpool->curr_block =_create_block(BLOCK_SIZE)) == NULL) {
-- ereport(LOG_CATASTROPHE, XP_GetAdminStr(DBT_poolCreateOutOfMemory_));
-+ ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateOutOfMemory_));
- PERM_FREE(newpool);
- return NULL;
- }
-@@ -291,7 +291,7 @@
- crit_exit(known_pools_lock);
- }
- else
-- ereport(LOG_CATASTROPHE, XP_GetAdminStr(DBT_poolCreateOutOfMemory_1));
-+ ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateOutOfMemory_1));
-
- return (pool_handle_t *)newpool;
- }
-@@ -388,7 +388,7 @@
- */
- blocksize = ( (size + BLOCK_SIZE-1) / BLOCK_SIZE ) * BLOCK_SIZE;
- if ( (pool->curr_block = _create_block(blocksize)) == NULL) {
-- ereport(LOG_CATASTROPHE, XP_GetAdminStr(DBT_poolMallocOutOfMemory_));
-+ ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolMallocOutOfMemory_));
- #ifdef POOL_LOCKING
- crit_exit(pool->lock);
- #endif
-@@ -410,7 +410,7 @@
-
- void _pool_free_error()
- {
-- ereport(LOG_WARN, XP_GetAdminStr(DBT_freeUsedWherePermFreeShouldHaveB_));
-+ ereport(LOG_WARN, "%s", XP_GetAdminStr(DBT_freeUsedWherePermFreeShouldHaveB_));
-
- return;
- }
diff --git a/debian/patches/series b/debian/patches/series
index 1ceb200..4c983c0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
default_user
-format-security.diff
commit b127228f1cb1626dbe12b21bacc20121ad4b5cda
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Jun 27 19:30:41 2012 +0300
bump the upstream version
diff --git a/debian/changelog b/debian/changelog
index 8c3916e..06ec1f7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-389-ds-base (1.2.10.4-1) UNRELEASED; urgency=low
+389-ds-base (1.2.11.6-1) UNRELEASED; urgency=low
[ Timo Aaltonen ]
* New upstream release.
commit 5b715ab9d55a7c40b3c636b0adad26c9e30c693a
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Wed Jun 27 10:35:08 2012 -0400
Ticket 366 - Change DS to purge ticket from krb cache in case of authentication error
Bug Description: Under certain circumstances, a replica can be removed, and readded,
but the master replica still holds its old kerberos credentials in
a cache(ccache). Until the mater replica is restarted, replication
will not resume.
Fix Description: If a sasl bind fails, ands it a GSSAPI, and the errror is 49, clear
out the ccache.
I also noticed that when this situation arises we report errors when
trying to update the referrals in the repl agreement to this replica.
The error is 20(type or value exists), and it will log at least one of
these messages per update. The error should not be written to the
error log, as it's not a problem that needs reporting.
https://fedorahosted.org/389/ticket/366
reviewed by: richm(Thanks!)
(cherry picked from commit 14cb1d07ee1864de8ca54083ef6901d5b4627758)
diff --git a/ldap/servers/plugins/replication/replutil.c b/ldap/servers/plugins/replication/replutil.c
index b09bf53..5e8019c 100644
--- a/ldap/servers/plugins/replication/replutil.c
+++ b/ldap/servers/plugins/replication/replutil.c
@@ -788,7 +788,7 @@ repl_set_mtn_state_and_referrals(
}
}
- if (rc != LDAP_SUCCESS) {
+ if (rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS) {
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "repl_set_mtn_referrals: could "
"not set referrals for replica %s: %d\n",
slapi_sdn_get_dn(repl_root_sdn), rc);
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
index 80ab8cb..12f01c6 100644
--- a/ldap/servers/slapd/ldaputil.c
+++ b/ldap/servers/slapd/ldaputil.c
@@ -126,6 +126,10 @@ static char **mozldap_ldap_explode( const char *dn, const int notypes, const int
static char **mozldap_ldap_explode_dn( const char *dn, const int notypes );
static char **mozldap_ldap_explode_rdn( const char *rdn, const int notypes );
+#ifdef HAVE_KRB5
+static void clear_krb5_ccache();
+#endif
+
#ifdef MEMPOOL_EXPERIMENTAL
void _free_wrapper(void *ptr)
{
@@ -1155,6 +1159,12 @@ slapi_ldap_bind(
bindid ? bindid : "(anon)",
mech, /* mech cannot be SIMPLE here */
rc, ldap_err2string(rc));
+#ifdef HAVE_KRB5
+ if(mech && !strcmp(mech, "GSSAPI") && rc == 49){
+ /* only on err 49 should we clear out the credential cache */
+ clear_krb5_ccache();
+ }
+#endif
}
}
@@ -2058,6 +2068,43 @@ cleanup:
return;
}
+static void
+clear_krb5_ccache()
+{
+ krb5_context ctx = NULL;
+ krb5_ccache cc = NULL;
+ int rc = 0;
+
+ PR_Lock(krb5_lock);
+
+ /* initialize the kerberos context */
+ if ((rc = krb5_init_context(&ctx))) {
+ slapi_log_error(SLAPI_LOG_FATAL, "clear_krb5_ccache", "Could not initialize kerberos context: %d (%s)\n",
+ rc, error_message(rc));
+ goto done;
+ }
+ /* get the default ccache */
+ if ((rc = krb5_cc_default(ctx, &cc))) {
+ slapi_log_error(SLAPI_LOG_FATAL, "clear_krb5_ccache", "Could not get default kerberos ccache: %d (%s)\n",
+ rc, error_message(rc));
+ goto done;
+ }
+ /* destroy the ccache */
+ if((rc = krb5_cc_destroy(ctx, cc))){
+ slapi_log_error(SLAPI_LOG_FATAL, "clear_krb5_ccache", "Could not destroy kerberos ccache: %d (%s)\n",
+ rc, error_message(rc));
+ } else {
+ slapi_log_error(SLAPI_LOG_TRACE,"clear_krb5_ccache", "Successfully cleared kerberos ccache\n");
+ }
+
+done:
+ if(ctx){
+ krb5_free_context(ctx);
+ }
+
+ PR_Unlock(krb5_lock);
+}
+
#endif /* HAVE_KRB5 */
#define LDAP_DN 1
commit 1889546920a69c4790d7bea5f87274f3e288f8f3
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Jun 26 16:56:19 2012 -0700
Trac Ticket 396 - Account Usability Control Not Working [Bug 835238]
https://fedorahosted.org/389/ticket/396
Fix Description: Commit 003812911f56619f0db58ba627037644fb0f68fb
broke the feature. This patch is backing off the change so that
get_entry accepts NULL pblock, which is necessary for the
Account Usability plugin.
(cherry picked from commit b2a926948b974ac8c64faf80dd0d3b99583e3f33)
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 8cef61d..93fc899 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1548,23 +1548,20 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
slapdFrontendConfig_t *slapdFrontendConfig;
int optype = -1;
- /* RFE - is there a way to make this work for non-existent entries
- * when we don't pass in pb? We'll need to do this if we add support
- * for password policy plug-ins. */
- if (NULL == pb) {
- LDAPDebug0Args(LDAP_DEBUG_ANY,
- "new_passwdPolicy: NULL pblock was passed.\n");
- return NULL;
- }
slapdFrontendConfig = getFrontendConfig();
pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy));
- slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
+ if (pb) {
+ slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
+ }
if (dn && (slapdFrontendConfig->pwpolicy_local == 1)) {
/* If we're doing an add, COS does not apply yet so we check
parents for the pwdpolicysubentry. We look only for virtual
attributes, because real ones are for single-target policy. */
+ /* RFE - is there a way to make this work for non-existent entries
+ * when we don't pass in pb? We'll need to do this if we add support
+ * for password policy plug-ins. */
if (optype == SLAPI_OPERATION_ADD) {
char *parentdn = slapi_ch_strdup(dn);
char *nextdn = NULL;
diff --git a/ldap/servers/slapd/pw_retry.c b/ldap/servers/slapd/pw_retry.c
index 09d0ed0..74e575e 100644
--- a/ldap/servers/slapd/pw_retry.c
+++ b/ldap/servers/slapd/pw_retry.c
@@ -210,43 +210,49 @@ int set_retry_cnt ( Slapi_PBlock *pb, int count)
}
+/*
+ * If "dn" is passed, get_entry returns an entry which dn is "dn".
+ * If "dn" is not passed, it returns an entry which dn is set in
+ * SLAPI_TARGET_SDN in pblock.
+ * Note: pblock is not mandatory for get_entry (e.g., new_passwdPolicy).
+ */
Slapi_Entry *get_entry ( Slapi_PBlock *pb, const char *dn)
{
int search_result = 0;
Slapi_Entry *retentry = NULL;
Slapi_DN *target_sdn = NULL;
+ char *target_dn = (char *)dn;
Slapi_DN sdn;
- if (NULL == pb) {
- LDAPDebug(LDAP_DEBUG_ANY, "get_entry - no pblock specified.\n",
- 0, 0, 0);
- goto bail;
- }
-
- slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn );
-
- if (dn == NULL) {
- dn = slapi_sdn_get_dn(target_sdn);
+ if (pb) {
+ slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn );
+ if (target_dn == NULL) {
+ target_dn = slapi_sdn_get_dn(target_sdn);
+ }
}
- if (dn == NULL) {
- LDAPDebug (LDAP_DEBUG_TRACE, "WARNING: 'get_entry' - no dn specified.\n", 0, 0, 0);
+ if (target_dn == NULL) {
+ LDAPDebug0Args(LDAP_DEBUG_TRACE,
+ "WARNING: 'get_entry' - no dn specified.\n");
goto bail;
}
- slapi_sdn_init_dn_byref(&sdn, dn);
-
- if (slapi_sdn_compare(&sdn, target_sdn)) { /* does not match */
- target_sdn = &sdn;
+ if (target_dn == dn) { /* target_dn is NOT from target_sdn */
+ slapi_sdn_init_dn_byref(&sdn, target_dn);
+ target_sdn = &sdn;
}
search_result = slapi_search_internal_get_entry(target_sdn, NULL,
&retentry,
pw_get_componentID());
if (search_result != LDAP_SUCCESS) {
- LDAPDebug (LDAP_DEBUG_TRACE, "WARNING: 'get_entry' can't find entry '%s', err %d\n", dn, search_result, 0);
+ LDAPDebug2Args(LDAP_DEBUG_TRACE,
+ "WARNING: 'get_entry' can't find entry '%s', err %d\n",
+ target_dn, search_result);
+ }
+ if (target_dn == dn) { /* target_dn is NOT from target_sdn */
+ slapi_sdn_done(&sdn);
}
- slapi_sdn_done(&sdn);
bail:
return retentry;
}
commit ff00f1db991e91420d1d0d8d5b8218bdede4b38e
Author: Rich Megginson <rmeggins at redhat.com>
Date: Thu Jun 21 15:12:36 2012 -0600
bump version to 1.2.11.6
diff --git a/VERSION.sh b/VERSION.sh
index 1fa17c4..87f74d8 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=2
-VERSION_MAINT=11.5
+VERSION_MAINT=11.6
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 18f324124dfcb374fab8085939c72ae1bcc33b04
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Thu Jun 14 14:40:27 2012 -0700
audit log does not log unhashed password: enabled, by default.
(cherry picked from commit df5293373d49c3a875d6fba3fec44babfff7b4f6)
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
index 81afe3e..f6afd10 100644
--- a/ldap/servers/slapd/auditlog.c
+++ b/ldap/servers/slapd/auditlog.c
@@ -55,7 +55,7 @@ char *attr_changetype = ATTR_CHANGETYPE;
char *attr_newrdn = ATTR_NEWRDN;
char *attr_deleteoldrdn = ATTR_DELETEOLDRDN;
char *attr_modifiersname = ATTR_MODIFIERSNAME;
-static int hide_unhashed_pw = 0;
+static int hide_unhashed_pw = 1;
/* Forward Declarations */
static void write_audit_file( int optype, const char *dn, void *change, int flag, time_t curtime );
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 2540e25..59561c7 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1075,7 +1075,7 @@ FrontendConfig_init () {
cfg->auditlog_minfreespace = 5;
cfg->auditlog_exptime = 1;
cfg->auditlog_exptimeunit = slapi_ch_strdup("month");
- cfg->auditlog_logging_hide_unhashed_pw = LDAP_OFF;
More information about the Pkg-fedora-ds-maintainers
mailing list